[v3,0/2] Address syzkaller warnings in nested VM-Exit after RSM

Message ID: 20240501202934.1365061-1-kishen.maloor@intel.com

Kishen Maloor May 1, 2024, 8:29 p.m. UTC
This series aims to close the loop on a prior conversation on this matter.
I have picked this up from Michal Wilczynski who had proposed different
fixes (v1 and v2).

v2: https://lore.kernel.org/all/20240123001555.4168188-1-michal.wilczynski@intel.com/
v1: https://lore.kernel.org/all/20231222164543.918037-1-michal.wilczynski@intel.com/

The issue was initially reported here:
https://lore.kernel.org/all/CAMhUBjmXMYsEoVYw_M8hSZjBMHh24i88QYm-RY6HDta5YZ7Wgw@mail.gmail.com/

It is caused by setting nested_run_pending in the vendor-specific leave_smm()
callback from the RSM emulation. The syzkaller test produced a triple fault in
rsm_load_state_64() resulting in a nested VM-Exit with nested_run_pending being
set and triggered the warnings. The commit message for patch 2 has a detailed
description of the flow.

The patches do the following:
a) Move nested_run_pending out of vendor structs and into the x86 kvm_vcpu_arch
so it can be accessed by common x86 code (e.g., the SMM emulation).
The usage and semantics of this flag are common between SVM and VMX.

b) Set nested_run_pending only after a successful RSM emulation.

This evidently resolves the issue, but I would appreciate feedback
(if the patches are acceptable) and/or suggestions.

Kishen Maloor (2):
  KVM: x86: nSVM/nVMX: Move nested_run_pending to kvm_vcpu_arch
  KVM: x86: nSVM/nVMX: Fix RSM logic leading to L2 VM-Entries

 arch/x86/include/asm/kvm_host.h |  1 +
 arch/x86/kvm/smm.c              | 12 ++++++++--
 arch/x86/kvm/svm/nested.c       | 14 +++++------
 arch/x86/kvm/svm/svm.c          | 12 ++++------
 arch/x86/kvm/svm/svm.h          |  4 ----
 arch/x86/kvm/vmx/nested.c       | 42 ++++++++++++++++-----------------
 arch/x86/kvm/vmx/vmx.c          | 13 +++++-----
 arch/x86/kvm/vmx/vmx.h          |  3 ---
 8 files changed, 50 insertions(+), 51 deletions(-)
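The ordering problem the cover letter describes, as an added, constructed C model that is not KVM code: a `leave_smm()`-style hook that sets `nested_run_pending` before the RSM state load is known to have succeeded leaves the flag stale when the load triple-faults and a nested VM-Exit follows, whereas setting it only after a successful RSM does not. The `struct vcpu`, return codes and `WARN_ON`-style counter are assumptions that model the identifiers named above.

```c
/* Constructed model of the RSM / nested_run_pending ordering; not kernel code. */
#include <stdbool.h>
#include <string.h>

enum { RSM_OK = 0, RSM_TRIPLE_FAULT = 1 };     /* constructed outcomes of the state load */

struct vcpu {
    bool in_smm;
    bool guest_mode;             /* true while (re)entering L2 */
    bool nested_run_pending;     /* models kvm_vcpu_arch.nested_run_pending */
    int  warnings;               /* how many WARN_ON-style checks fired */
};

/* Models nested VM-Exit: common code expects no nested run to be pending here. */
static void nested_vmexit(struct vcpu *v)
{
    if (v->nested_run_pending)
        v->warnings++;           /* models WARN_ON_ONCE(nested_run_pending) */
    v->guest_mode = false;
}

/* Models RSM emulation. 'fixed' selects the ordering: pre-fix sets the flag in
 * the leave_smm() hook before the load; post-fix sets it only after success.
 * 'load_result' stands in for the outcome of rsm_load_state_64(). */
static int emulate_rsm(struct vcpu *v, bool return_to_l2, int load_result, bool fixed)
{
    v->in_smm = false;                            /* leave_smm() hook */
    if (return_to_l2) {
        v->guest_mode = true;
        if (!fixed)
            v->nested_run_pending = true;         /* eager: before load outcome is known */
    }
    if (load_result == RSM_TRIPLE_FAULT) {
        if (v->guest_mode)
            nested_vmexit(v);                     /* triple fault in L2: synthetic exit to L1 */
        return RSM_TRIPLE_FAULT;
    }
    if (fixed && return_to_l2)
        v->nested_run_pending = true;             /* only after a successful RSM */
    return RSM_OK;
}

/* Number of warnings after an RSM that returns to L2 and triple-faults. */
int warnings_after_failed_rsm(bool fixed)
{
    struct vcpu v; memset(&v, 0, sizeof v); v.in_smm = true;
    emulate_rsm(&v, true, RSM_TRIPLE_FAULT, fixed);
    return v.warnings;
}

/* Whether a successful RSM back into L2 leaves a nested run pending. */
bool pending_after_successful_rsm(bool fixed)
{
    struct vcpu v; memset(&v, 0, sizeof v); v.in_smm = true;
    return emulate_rsm(&v, true, RSM_OK, fixed) == RSM_OK && v.nested_run_pending;
}
```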